A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Reverse engineered ChatGPT API

🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...

🕵️‍♂️ Offensive Google framework.

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

Most advanced XSS scanner.

The Rogue Access Point Framework

Free and Open Source Machine Translation API. Self-hosted, offline capable and easy to setup.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Incredibly fast crawler designed for OSINT.

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

fsociety Hacking Tools Pack – A Penetration Testing Framework

A command-line productivity tool powered by AI large language models like GPT-4, will help you accomplish your tasks faster and more efficiently.

A swiss army knife for pentesting networks

Automagically synchronize subtitles with video.

CTFs as you need them

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

HTTP parameter discovery suite.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Colored logcat script which only shows log entries for a specific application package.

🐢 Open-Source Evaluation & Testing library for LLM Agents

The Sublime Text package manager

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

Framework for Man-In-The-Middle attacks

💫 Ngrok FRP Alternative • ⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 …

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Tool for Active Directory Certificate Services enumeration and abuse